<?php
// 测试用户权限是否正确处理
require_once 'api/inc/config.php';

// 模拟用户ID（李伟的ID为34）
$currentUserId = 34;
$subordinateId = 35; // 王飞的ID

// 测试1: 检查getSubAccountList方法是否能获取到下级用户
function test_getSubAccountList($conn, $userId) {
    echo "\n测试1: 检查用户(ID: $userId)是否能获取到下级用户\n";
    // 模拟getSubAccountList方法的查询逻辑
    
    // 先获取当前用户的is_sub值
    $stmt = $conn->prepare("SELECT is_sub FROM users WHERE id = :id");
    $stmt->execute([':id' => $userId]);
    $currentUser = $stmt->fetch(PDO::FETCH_ASSOC);
    $currentUserIsSub = $currentUser['is_sub'] ?? 0;
    
    echo "当前用户is_sub值: $currentUserIsSub\n";
    
    // 构建查询条件
    $where = [];
    $params = [];
    
    // 根据当前用户的is_sub值决定查询条件
    if ($currentUserIsSub == 1) {
        // is_sub为1时，只显示当前用户的下级用户
        $where[] = "is_sub = 1 AND superior_id = :superior_id";
        $params[':superior_id'] = $userId;
    }
    
    $whereClause = $where ? 'WHERE ' . implode(' AND ', $where) : '';
    
    // 查询数据
    $stmt = $conn->prepare(
        "
        SELECT id, username, real_name, position, superior_id, parent_user_id 
        FROM users {$whereClause}
        ORDER BY id DESC
    ");
    
    foreach ($params as $key => $value) {
        $stmt->bindValue($key, $value);
    }
    
    $stmt->execute();
    $list = $stmt->fetchAll(PDO::FETCH_ASSOC);
    
    echo "找到 ".count($list)." 个下级用户\n";
    if (count($list) > 0) {
        echo "下级用户列表：\n";
        foreach ($list as $user) {
            echo "- ID: {$user['id']}, 用户名: {$user['username']}, 真实姓名: {$user['real_name']}\n";
            echo "  superior_id: {$user['superior_id']}, parent_user_id: {$user['parent_user_id']}\n";
        }
    }
}

// 测试2: 检查updateSubAccount方法的权限验证
function test_updateSubAccount_permission($conn, $currentUserId, $subordinateId) {
    echo "\n测试2: 检查用户(ID: $currentUserId)是否有权限更新下级用户(ID: $subordinateId)\n";
    
    // 模拟updateSubAccount方法的权限验证逻辑
    $stmt = $conn->prepare(
        "
        SELECT id FROM users WHERE id = :id AND is_sub = 1 AND (parent_user_id = :parent_user_id OR superior_id = :superior_id) LIMIT 1
    "
    );
    
    $stmt->execute([
        ':id' => $subordinateId, 
        ':parent_user_id' => $currentUserId, 
        ':superior_id' => $currentUserId
    ]);
    
    if ($stmt->fetch()) {
        echo "✓ 权限验证通过: 用户有权限更新此下级用户\n";
    } else {
        echo "✗ 权限验证失败: 用户无权限更新此下级用户\n";
    }
}

// 测试3: 检查deleteSubAccount方法的权限验证
function test_deleteSubAccount_permission($conn, $currentUserId, $subordinateId) {
    echo "\n测试3: 检查用户(ID: $currentUserId)是否有权限删除下级用户(ID: $subordinateId)\n";
    
    // 模拟deleteSubAccount方法的权限验证逻辑
    $stmt = $conn->prepare(
        "
        SELECT id FROM users WHERE id = :id AND is_sub = 1 AND (parent_user_id = :parent_user_id OR superior_id = :superior_id) LIMIT 1
    "
    );
    
    $stmt->execute([
        ':id' => $subordinateId, 
        ':parent_user_id' => $currentUserId, 
        ':superior_id' => $currentUserId
    ]);
    
    if ($stmt->fetch()) {
        echo "✓ 权限验证通过: 用户有权限删除此下级用户\n";
    } else {
        echo "✗ 权限验证失败: 用户无权限删除此下级用户\n";
    }
}

// 运行测试
try {
    echo "开始测试用户权限...\n";
    
    // 测试获取下级用户
    test_getSubAccountList($conn, $currentUserId);
    
    // 测试更新权限
    test_updateSubAccount_permission($conn, $currentUserId, $subordinateId);
    
    // 测试删除权限
    test_deleteSubAccount_permission($conn, $currentUserId, $subordinateId);
    
} catch(PDOException $e) {
    echo "数据库操作失败: " . $e->getMessage();
}